Change Details

A common source of security bugs has been code that opens file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and three checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags
argument.
-- creat() should be replaced by open().
-- fopen() should include "e" in their mode string.

A common source of security bugs has been code that opens file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and three checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [file-open-flag]
-- creat() should be replaced by open(). [creat-usage]
-- fopen() should include "e" in their mode string. [fopen-mode]

A common source of security bugs has been code that opens file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and three checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flagsargument. [file-open-flag]
-- creat() should be replaced by open(). [creat-usage]
-- fopen() should include "e" in their mode string. [fopen-mode]